Critical severity9.8NVD Advisory· Published Aug 21, 2018· Updated Jun 17, 2026
CVE-2018-15601
CVE-2018-15601
Description
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
elefant/cmsPackagist | < 2.0.4 | 2.0.4 |
Affected products
1Patches
Vulnerability mechanics
References
3- github.com/jbroadway/elefant/commit/afb3346e50b992bcba143660ca2149e563430e05nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-pcf7-5974-vjh4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-15601ghsaADVISORY
News mentions
0No linked articles in our index yet.